FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Problem with a script





Fire Boar
Hi, I have a problem with a script I am making for a phpNuke module and was wondering if anyone here could help. Here is the script:
Code:
<?php
if (!eregi("modules.php", $PHP_SELF)) {
  die ("You can't access this file directly...");
}
define ('IN_PHPBB', FALSE);
$index = 0;
require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
require($phpbb_root_path . 'nukebb.php');
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX, $nukeuser);
init_userprefs($userdata);
//
// End session management
//
$file = $_REQUEST['edit'];
$newfile = $_POST['edits'];
// Remove .php ext
$fileminusext = str_replace(".php", "", $file);
// Set up a table
opentable();
if ($newfile == "")
{
// Generate a welcome
echo "<center><span class=\"option\">Developer's Kit: Editing ".$file.".</span></center><br>";
// Does the user have permission to edit the file?
$sql = "SELECT filepath FROM ".$prefix."_developer WHERE username = '".$userdata['username']."' AND filepath = '".$file."'";
$result = $db->sql_query($sql);
$numrows = mysql_numrows($result);
// If no permissions...
if ($numrows == 0)
{
echo "<center><span class=\"content\">You do not have developer's permissions on this file.</span></center>";
}
// What if the file does not exist?
elseif (!file_exists($file))
{
echo "<center><span class=\"content\">The file does not exist!</span></center>";
}
// Otherwise open the file, save a backup and generate box
else
{
// Open file as readable
$backuppathstart = "modules/Developers/backups/".$fileminusext;
$backuppath = $backuppathstart.".php";
$backupnumber = 0;
// Loop round to find backups
while (file_exists($backuppath))
{
$backupnumber++;
$backuppath = $backuppathstart.strval($backupnumber).".php";
}
// Save backup
$filehandle = fopen("$backuppath", 'w');
// BIG string here: it contains the whole file.
$contents = file_get_contents($file);
// Write to file
fwrite($filehandle, $contents);
fclose($filehandle);

// Create the textarea and form, as well as generate a little warning.
echo "<form action=\"modules.php?name=Developers&file=editfile&edit=".$file."\"><textarea name=\"edits\" rows=25 cols=150 wrap=\"virtual\">".$contents."</textarea><br><strong>Warning: Changing the contents of this file may result in unexpected changes.<br><br><input type=SUBMIT value=\"Save\"></form>";
}
}
else
{
// Generate a welcome
echo "<center><span class=\"option\">Developer's Kit: Editing ".$file.".</span></center><br>";
// Does the user have permission to edit the file?
$sql = "SELECT filepath FROM ".$prefix."_developer WHERE username = '".$userdata['username']."' AND filepath = '".$file."'";
$result = $db->sql_query($sql);
$numrows = mysql_numrows($result);
// If no permissions...
if ($numrows == 0)
{
echo "<center><span class=\"content\">You do not have developer's permissions on this file.</span></center>";
}
// What if the file does not exist?
elseif (!file_exists($file))
{
echo "<center><span class=\"content\">The file does not exist!</span></center>";
}
else
{
// Save file
$filehandle = fopen("$file", 'w');
// Write to file
fwrite($filehandle, $newfile);
fclose($filehandle);

// Now output the page.
echo "File changed.<br><a href=\"modules.php?name=Developers\">Back to main developer's page</a>";
}
}
closetable();
include("footer.php");
?>

If you hadn't already guessed, this is for developers to be able to modify certain files without giving them complete access to the hosting control panel, through entries in a database.

The URL of the file is modules.php?name=Developers&file=editfile&edit=(path to the editable file, linked to via an earlier script)

Right now I have it displaying a textbox with the contents of the file in question (if the person is allowed to access it, this is set in the database), the warning and the save button. It also backs up the file properly. However, after making some changes and clicking save, it links straight back to index.php and the file is not updated.

I believe the problem stems from this part:
Code:
else
{
// Generate a welcome
echo "<center><span class=\"option\">Developer's Kit: Editing ".$file.".</span></center><br>";
// Does the user have permission to edit the file?
$sql = "SELECT filepath FROM ".$prefix."_developer WHERE username = '".$userdata['username']."' AND filepath = '".$file."'";
$result = $db->sql_query($sql);
$numrows = mysql_numrows($result);
// If no permissions...
if ($numrows == 0)
{
echo "<center><span class=\"content\">You do not have developer's permissions on this file.</span></center>";
}
// What if the file does not exist?
elseif (!file_exists($file))
{
echo "<center><span class=\"content\">The file does not exist!</span></center>";
}
else
{
// Save file
$filehandle = fopen("$file", 'w');
// Write to file
fwrite($filehandle, $newfile);
fclose($filehandle);

// Now output the page.
echo "File changed.<br><a href=\"modules.php?name=Developers\">Back to main developer's page</a>";
}
}
Fire Boar
Sorry about the double post, but the post was getting a bit long. I've just commented out the entire "else..." bit and replaced the contents with "echo $newfile". Same result. I'm thinking perhaps it's more likely to be a problem with this bit?
Code:
echo "<form action=\"modules.php?name=Developers&file=editfile&edit=".$file."\"><textarea name=\"edits\" rows=25 cols=150 wrap=\"virtual\">".$contents."</textarea><br><strong>Warning: Changing the contents of this file may result in unexpected changes.<br><br><input type=SUBMIT value=\"Save\"></form>";


Possibly?
RT Cunningham
View that snippet as source in your browser. It may be something as simple as needing to escape special characters.
Fire Boar
Well the whole page is blank, nothing's going to the browser at all. That's one of the bad things about PHPNuke: debugging is almost non-existant.

That seemed to be the right way of going about it, though, since the snippet didn't work even on its own. Then I realised I forgot to specift a method. Doh!

After adding method=\"post\" in the <form> tag, it worked fine. Cheers!
Related topics
phpbb problem....
Need a script - navigation
Navigation Script (javascript) Help Please!
I can't upload my Database SQL script ! Helllppppp!!!!
problem with a php randomizer script
Php script Cod server stats
SDRAM vs DDRAM
A PHP problem !
MySQL DB Backup script - minor problem
Script Problem
Script problem
PHP login script problem
Problem with galary script
" Fatal error: Allowed memory size of 52428800" bl
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.